Use this task to specify abstract intents in the Service
Component Architecture (SCA) composite file to achieve a quality of
service for secure connection using Secure Sockets Layer (SSL). The
default SCA composite file is called default.composite and
it is located in the META-INF level of the application structure.
These intents must be mapped to policy sets that can satisfy the intents
during deployment.
Before you begin
Before you begin this task, install a service application.
About this task
Intents and policy sets can be used to configure web service
bindings to achieve a secure connection.
Procedure
- Configure administrative and application security for the
server.
In order to secure the service so that it only
accepts secure requests, and for the service to require authentication,
administrative and application security must be enabled for the server.
See Securing JAX-WS web services using message-level security.
- Configure the service to require a secure transport by
attaching the WSHTTPS default policy set.
Policy sets
and bindings can be specified for SCA services and references using
one of three different methods.
- Specify a policy set and bindings directly in the composite file.
- Attach a policy set during deployment using the addCompUnit command.
- Attached or update a policy set during post deployment using the
web services policy set management panels in the administrative console.
For additional information on each of the methods for
attaching a policy set, see mapping abstract intents and managing
policy sets. The code examples that are included in this task step
and the next step use the composite file method to specify the WSHTTPS
Default policy set.
Attach the WSHTTPS default policy set and
define the quality of service (QoS) namespace in the composite file.
<service name="AccountService">
<binding.ws
qos:wsPolicySet="WSHTTPS default"
... />
</service>
- Configure the client to use SSL connection by attaching
a policy set to the <binding.ws> element.
The
wsPolicySet attribute can be used to specify policy sets at the composite,
component, service, reference, and binding.ws levels in the SCA composite
file. The actual attachment happens only at the binding.ws level
and policy sets specified at other levels are inherited down to the
binding level. For additional information on attaching policy sets
and the inheritance rules, refer to mapping abstract intent to policy
sets. The following example illustrates the attachment of WSHTTPS
default policy set to the <binding.ws> element.
<reference name="AccountService">
<binding.ws
qos:wsPolicySet="WSHTTPS Default"
... />
</reference>
The WSHTTPS default policy set
is a default policy set available in every server profile and it provides
client-side SSL transport configuration. For additional information,
see WSHTTPS default policy set.
Important: The client
must use an endpoint address of the form https://<host>:<secure-port> to
contact the service.
Results
When you finish this task, you have configured web service
bindings to use SSL.
What to do next
You can proceed to configuring other application specific
bindings for your policy sets.